---
title: Tailscale HTTPS domain disabled
description: Datadog, the leading service for cloud-scale monitoring.
breadcrumbs: Docs > Datadog Security > OOTB Rules > Tailscale HTTPS domain disabled
---

# Tailscale HTTPS domain disabled

{% alert level="danger" %}
This rule is part of a beta feature. To learn more, [contact Support](https://docs.datadoghq.com/help/).
{% /alert %}
Classification:attackTactic:[TA0005-defense-evasion](https://attack.mitre.org/tactics/TA0005)Technique:[T1562-impair-defenses](https://attack.mitre.org/techniques/T1562) 
## Goal{% #goal %}

Detect when [HTTPS](https://tailscale.com/kb/1153/enabling-https/) has been disabled for a Tailscale tailnet.

## Strategy{% #strategy %}

This rule monitors Tailscale logs where `@evt.name` is `DISABLE`, `@target.type` is `TAILNET`, and `@target.property` is `HTTPS`. Disabling HTTPS for the tailnet reduces transport-layer security and could expose administrative or user traffic to interception. An attacker disabling this could be an attempt to weaken network defenses.

## Triage and response{% #triage-and-response %}

- Investigate the user `{{@usr.name}}` that disabled HTTPS on the tailnet.
- Review change management records for a planned maintenance or troubleshooting exception.
- Determine the scope of impact and whether other security controls remain in place.
- If the activity is not expected, begin your organization's incident response process and investigate.